SSL certificate authority Let’s Encrypt issues over 20 million certificates – here’s why their work’s a big deal


A year ago, if you wanted a simple SSL certificate for your site or application, you had to part with your hard-earned dollars to get it. Granted that the cash shortages were still not known to most of us, liquidity was already a problem. On 12 April last year Let’s Encrypt changed all that.

Less than a year after its launch (it started issuing certificates in April last year) it announced that it had broken the 20 million certificates mark at the end of 2016. That’s phenomenal growth by most measures and it raises the question, why is Let’s Encrypt such a big deal and what is their role in SSL certificates all about?

What’s SSL?

Well, technically, SSL is a deprecated cryptographic protocol, and a name people insist on continuing to use for the Transport Layer Security (TLS) protocol. TLS is a communications protocol that allows you to securely access internet services such as the web and email. It provides privacy (preventing people from spying) as well as data integrity (preventing someone from tampering with your data).


We have already looked at SSL certificates here.

Why do I need it?

If you have an eCommerce site or app then SSL certificates are a must as such apps are a prime target for hackers and scammers. You will need a certificate in order to be PCI compliant. If you run a site/app which deals with user data such as logins, passwords and other confidential information you will need to use TLS to protect your site against various attacks.

Even if you don’t run such sites having an encrypted connection will help boost your SEO. While it’s true that no one really knows the specifics of Google’s secret sauce, it has been confirmed that SSL is one of the key factors that is considered.

If you are the sort of person who responds to sticks instead of carrots here’s your stick: Starting this month users of the Chrome browser, arguably the most popular global browser, will start receiving a warning every time they land on an unsecured page telling them the site is not secure. Most novice users will run to the bushes as soon as they see this. Google has a lot of clout when it comes to the web and it’s always a good thing to listen to them.

You said free

Let’s Encrypt offers free certificates, which means zero cost/gratis. This will help ensure that poor people like us, SMEs and tight-fisted conglomerates can have as many certificates as they need for all sorts of domains including sub-domains.

To prove just how popular free is, here are some of Let’s Encrypt’s milestones:

  • Let’s Encrypt is founded by two Mozilla employees in 2012
  • Following tortoise-paced bureaucratic mumbo jumbo steps, they issue their first certificate in October 2015
  • It reaches its 1 millionth certificate in March 2015 after 4 months in its public beta
  • 44 days later they issue their 2 millionth certificate
  • By November they had issued their 20 millionth certificate
  • By January 2017 Let’s Encrypt now has about 20 active certificates and issues about 1 million certificates per day.

Technical details

  • The certificates are domain validation certificates
  • They expire after precisely 90 days
  • The issuing process is automated

I am afraid of certificates

If you are one of those people who faints at the sight of a bash terminal and this has been your reason for not implementing Let’s Encrypt on your site, you will be pleased to know that there is now a plethora of clients that make the process trivial.

Most major web providers now have click-to-install packages that make this process painless. Beware of some web hosts that provide you with “free” certificates that are actually paid certificates from other providers and might make you pay in subsequent years.

My favourite method, however, remains the Easy Engine python script, which completely automates the whole process, including the configuration for Nginx and setting up a cron job to be executed every 89 days.
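An added example (not from the original post, Easy Engine or Let’s Encrypt): because the certificates last 90 days and renewal depends on a scheduled job, a monitoring check that reads the served certificate’s dates will catch a renewal that silently failed. The 30-day threshold, the function names and the sample dates are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_BEFORE_DAYS = 30  # assumed alerting threshold, not a figure from the article


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Return the validated leaf certificate of host as an ssl.getpeercert() dict."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def _when(cert_time):
    # getpeercert() dates look like "Jan  1 00:00:00 2017 GMT"
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)


def renewal_status(cert, now=None, renew_before_days=RENEW_BEFORE_DAYS):
    """Classify a certificate dict as 'ok', 'renew' or 'expired'."""
    now = now or datetime.now(timezone.utc)
    not_before, not_after = _when(cert["notBefore"]), _when(cert["notAfter"])
    days_left = (not_after - now).days
    if now >= not_after:
        state = "expired"
    elif days_left < renew_before_days:
        state = "renew"
    else:
        state = "ok"
    return {
        "state": state,
        "days_left": days_left,
        "lifetime_days": (not_after - not_before).days,
    }


# Constructed sample in getpeercert() format: a 90-day certificate.
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2017 GMT",
    "notAfter": "Apr  1 00:00:00 2017 GMT",
}

if __name__ == "__main__":
    for day in ("2017-01-15", "2017-03-30", "2017-04-02"):
        now = datetime.fromisoformat(day).replace(tzinfo=timezone.utc)
        print(day, renewal_status(SAMPLE_CERT, now))
```

Against a live site, pass the result of `fetch_peer_cert("your-domain.example")` to `renewal_status` from a daily job and alert on anything other than `ok`.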

A word about StartSSL

Those of you who have been frequenting this site for a while might remember that I once posted about how you could get a certificate from StartSSL. Well, the business was sold to a company called WoSign and, due to some transparency issues, Google and Mozilla will stop trusting certificates issued after October 2016. So my advice – stay away and switch over to Let’s Encrypt.

Final Words

An SSL certificate is one of many essential arrows in a developer’s or webmaster’s quiver. It goes a long way in protecting the privacy and integrity of your customers’ communications. Let’s Encrypt is proving a bastion on that front. Their figures prove it, and their clarion call beckons to those who have not yet joined the secure web cause.



5 Comments

  1. Stephen Mudere says:

    Great this is the way to go if your project isn’t making money for you yet

  2. Macd Chip says:

    “…TLS is a communications protocol that allows you to access internet services such as the web and email…”

    So are you saying if I do not have TLS, I cannot access webmail and email?

    Maybe Techzim needs to learn from your article then because I noticed a while back that they are not security conscious!

    1. Garikai Dzoma says:

      Haha! Have you ever thought you were writing something and then wrote something else altogether? The word “securely” somehow slipped through in the process. It got lost on the way to my fingers. The article has been corrected now.

      And the world needs hypocrites. Personally I have partially implemented Let’s Encrypt because I need CloudFlare and will not pay $20 for it and for some stupid reason they will not touch .co.zw domain validation payments without payment.

  3. Beatnyama says:

    “Even if you don’t run such sites having an encrypted connection will help boost your SSL”

    Is that a typo? If not, that’s one confusing statement

  4. Rushmore says:

    Some modern web servers like Caddy (https://caddyserver.com) have an HTTPS by default configuration which uses Let’s Encrypt. With such web servers you don’t have to do anything at all. The web server will have a TLS certificate issued for your domain and renew it when necessary without any intervention from you at all.
